You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/11/16 22:50:56 UTC
cxf git commit: [CXF-7139] Avoid BufferOverflowException for trailing
escape characters, patch from Michael Grant applied, This closes #201
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 3f66a2b07 -> 606c55e68
[CXF-7139] Avoid BufferOverflowException for trailing escape characters, patch from Michael Grant applied, This closes #201
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/606c55e6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/606c55e6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/606c55e6
Branch: refs/heads/3.1.x-fixes
Commit: 606c55e684c2e83d5ca770f1355eea239a69e6cf
Parents: 3f66a2b
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Nov 16 23:37:45 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Nov 16 23:49:48 2016 +0100
----------------------------------------------------------------------
.../org/apache/cxf/common/util/UrlUtils.java | 2 +-
.../apache/cxf/common/util/UrlUtilsTest.java | 49 +++++++++++++++++---
2 files changed, 44 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/606c55e6/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
index 3b7dd23..0260445 100644
--- a/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/UrlUtils.java
@@ -87,7 +87,7 @@ public final class UrlUtils {
if (needDecode) {
final byte[] valueBytes = StringUtils.toBytes(value, enc);
ByteBuffer in = ByteBuffer.wrap(valueBytes);
- ByteBuffer out = ByteBuffer.allocate(in.capacity() - 2 * escapesCount);
+ ByteBuffer out = ByteBuffer.allocate(in.capacity() - (2 * escapesCount) + 1);
while (in.hasRemaining()) {
final int b = in.get();
if (!isPath && b == PLUS_CHAR) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/606c55e6/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
index b0e25b7..7ae4015 100644
--- a/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/common/util/UrlUtilsTest.java
@@ -42,14 +42,51 @@ public class UrlUtilsTest extends Assert {
assertEquals("!$&'()*,;=", UrlUtils.urlDecode("!$&'()*,;="));
}
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeIncompleteEscape() {
- UrlUtils.urlDecode("%2");
+ @Test
+ public void testUrlDecodeIncompleteEscapePatterns() {
+
+ try {
+ UrlUtils.urlDecode("%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%%%%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("a%2B%");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
+
+ try {
+ UrlUtils.urlDecode("%2");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
}
- @Test (expected = IllegalArgumentException.class)
- public void testUrlDecodeInvalidEscape() {
- UrlUtils.urlDecode("%2$");
+ @Test
+ public void testUrlDecodeInvalidEscapePattern() {
+ try {
+ UrlUtils.urlDecode("%2$");
+ fail();
+ } catch (Throwable e) {
+ assertTrue(e instanceof IllegalArgumentException);
+ assertTrue(e.getMessage().startsWith("Invalid URL encoding"));
+ }
}
@Test